Hacking Group 'OurMine' Temporarily Redirected WikiLeaks DNS Service (theguardian.com)
An anonymous reader quotes the Guardian:
WikiLeaks suffered an embarrassing cyber-attack when Saudi Arabian-based hacking group OurMine took over its web address. The attack saw visitors to WikiLeaks.org redirected to a page created by OurMine which claimed that the attack was a response to a challenge from the organisation to hack them.
But while it may have been humiliating for WikiLeaks, which prides itself on technical competency, the actual "hack" appears to have been a low-tech affair: the digital equivalent of spray-painting graffiti on the front of a bank then claiming to have breached its security. The group appears to have carried out an attack known as "DNS poisoning" for a short while on Thursday morning. Rather than attacking WikiLeaks' servers directly, they have convinced one or more DNS servers...to alter their records. For a brief period, those DNS servers told browsers that wikileaks.org was actually located on a server controlled by OurMine.
I'm more interested in the point that the screenshot from the link shows an https link, so either the screenshot is fake or they also managed to get hold of a certificate for wikileaks.org.
Wikileaks actually invited hackers to hack its site. So, I do not think that the hackers were malicious. If nothing else, they did Wikileaks a favor. If a bunch of hackers can do this, the NSA (and other intelligence agencies) can do much worse.
Plus, an intelligence service won't attack when it's invited to do so, it will only attack when Wikileaks is about to dump something that is important to them. In this age of short attention spans, timing can be crucial.
The same goes for Wikileaks. Wikileaks chooses to release information when it thinks it will have the most impact (e.g. just before an election, just before a troop redeployment, not during a Super Bowl, not when Beyonce is having twins, etc).
Wikileaks doesn't have DNSSEC enabled, so it is trivial to poison caches. Granted, most users are not behind dnssec-validating resolvers, but this is changing...
Because they don't actively adopt, encourage, and support a Nazi ideology? Or racist or religious hate in general? There's no double standard - one group actively goes way over any reasonable line, and the other at worst tolerates borderline postings by others -- if even that.
Nobody seized a domain. DailyStormer was free to transfer their domain to a registrar that would take it. They simply failed to find a taker. Look up the whois record yourself.
Damn people for expecting their political leadership to condemn domestic terrorism and groups that endorse it through bullshit like "rahowa."
Conservatives already do it. Liberals will not because, as they explain over, and over, and over again, you can no more blame Islam and Muslims for those attacks than you can blame Christianity and Southern Baptists. You need to be a bit more specific, like blaming Nazis and ISIS.
Pretty sure liberals have been blaming ISIS. So suck it.
The Saudi authorities have for a long time performed MITM on the nation's whole population, and companies such as Symantec have actively aided them.
If they had deployed DNSSEC (and I would have advised DANE), then this would have been harder to perform.
https://www.icann.org/resources/pages/dnssec-qaa-2014-01-29-en
Top tip: try and enable it on your own domain!